Vulnerability discovered in Microsoft Visual Studio

2023-06-27 09:11:06


Varonis Threat Labs found a flaw in the Microsoft Visual Studio installer. The vulnerability allows attackers to pose as seemingly legitimate publishers and steal sensitive information.

Security researchers at Varonis Threat Labs warn of a bug (CVE-2023-28299) in the Microsoft Visual Studio installer. The vulnerability might allow cyber attackers to impersonate a legitimate software maker and thereby create and distribute malicious extensions to application developers. From there, they can infiltrate development environments, take control, manipulate code, and steal valuable intellectual property. The vulnerability is easy to exploit because of the low complexity and the low level of authorization required. Microsoft has now released a corresponding patch. Users should urgently install it and watch out for suspicious activity.

Vulnerability in the development environment for programs

Microsoft Visual Studio is a widely used development environment for various programming languages. The UI bug discovered by Varonis Threat Labs allows an attacker to pose as a publisher and publish a malicious extension to compromise a target system. Attackers have already used malicious extensions to steal sensitive information, stealthily access and change code, or take complete control of a system.

For security reasons, Visual Studio does not allow line breaks within an extension’s name. This prevents users from entering additional information into the “Product Name” extension property. However, the restriction can easily be circumvented by opening the VSIX as a ZIP file and manually adding line breaks to the extension name in the file “extension.vsixmanifest”. When enough newlines are added to the extension name, all other text in the Visual Studio installer prompt moves down, so the “Digital Signature: None” warning is no longer visible. Since the section under the extension’s name is editable, attackers can easily add fake “digital signature” text here, which is visible to users and appears to be genuine.
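A defender-side check for the manipulation described above, added here as an example and not code from Varonis or Microsoft: it opens a VSIX as a ZIP, reads “extension.vsixmanifest” and flags an extension name that contains line breaks or signature-like text. It assumes the name is stored in the manifest's DisplayName element, which the article does not name; the function names and the sample data are constructed.

```python
import io
import re
import zipfile
import xml.etree.ElementTree as ET

MANIFEST = "extension.vsixmanifest"   # file name given in the article
MAX_MANIFEST_BYTES = 1_000_000        # refuse to parse oversized manifests
SPOOF_TEXT = re.compile(r"digital\s+signature", re.IGNORECASE)

def check_vsix(data: bytes) -> list[str]:
    """Return findings for a VSIX (a ZIP archive) passed as bytes."""
    with zipfile.ZipFile(io.BytesIO(data)) as vsix:
        try:
            info = vsix.getinfo(MANIFEST)
        except KeyError:
            return ["no extension.vsixmanifest in archive"]
        if info.file_size > MAX_MANIFEST_BYTES:
            return ["manifest too large to inspect"]
        root = ET.fromstring(vsix.read(info))
    findings = []
    for elem in root.iter():
        # Assumption: the name shown in the install prompt is <DisplayName>.
        if elem.tag.rsplit("}", 1)[-1] != "DisplayName":
            continue
        name = (elem.text or "").strip()  # ignore pretty-print whitespace
        breaks = name.count("\n") + name.count("\r")
        if breaks:
            findings.append(f"{breaks} line breaks in extension name")
        if SPOOF_TEXT.search(name):
            findings.append("signature-like text inside extension name")
    return findings

def build_sample(display_name: str) -> bytes:
    """Constructed test input: an in-memory VSIX holding only a manifest."""
    root = ET.Element("PackageManifest")
    meta = ET.SubElement(root, "Metadata")
    ET.SubElement(meta, "DisplayName").text = display_name
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr(MANIFEST, ET.tostring(root))
    return buf.getvalue()

# Constructed samples, not real extensions.
CLEAN = build_sample("Sample Tools")
PADDED = build_sample("Sample Tools" + "\n" * 12 + "Digital Signature: Example Corp")

if __name__ == "__main__":
    for label, blob in (("clean", CLEAN), ("padded", PADDED)):
        print(label, check_vsix(blob))
```

A check like this fits in a mail gateway or an internal extension gallery before a VSIX reaches a developer; it complements installing the patch and does not replace verifying the package signature.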

How attackers proceed

Attackers can exploit the vulnerability in the following way:

The attacker sends an email to the company’s developers disguised as a legitimate software update. In the email, the attacker attaches a fake VSIX extension that mimics the legitimate extension.

The victim cannot distinguish the fake malicious VSIX extension from a real, signed update, downloads it and installs it.

Having built a manipulated payload into the extension, the attacker compromises the victim’s computer and thus gains initial access to the company.

Now the attacker can hide inside the company under attack, possibly stealing intellectual property and confidential data.

Varonis has been pursuing a different approach than most IT security providers since it was founded in 2005, placing company data stored locally and in the cloud at the center of the security strategy. This includes sensitive files and e-mails, confidential customer, patient and employee data, financial data, and strategy and product plans. Varonis Data Security Platform (DSP) detects insider threats and cyberattacks by analyzing data, account activity, telemetry, and user behavior. (sg)


Lead image: mapoli-photo – Adobe Stock
